CVE-2017-18694 - OpenCVE

An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Samsung	Exynos 5250 Exynos 5260 Exynos 5410 Exynos 5420 Exynos 5422 Exynos 5430 Exynos 5800

Configuration 1 [-]

AND

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:samsung:exynos_5250:-:::::::*
	cpe:2.3:h:samsung:exynos_5260:-:::::::*
	cpe:2.3:h:samsung:exynos_5410:-:::::::*
	cpe:2.3:h:samsung:exynos_5420:-:::::::*
	cpe:2.3:h:samsung:exynos_5422:-:::::::*
	cpe:2.3:h:samsung:exynos_5430:-:::::::*
	cpe:2.3:h:samsung:exynos_5800:-:::::::*

No data.

References

Link	Providers
https://security.samsungmobile.com/securityUpdate.smsb

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-07T13:57:06

Updated: 2024-08-05T21:28:55.956Z

Reserved: 2020-04-07T00:00:00

Link: CVE-2017-18694

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-07T14:15:13.793

Modified: 2020-04-09T13:16:45.720

Link: CVE-2017-18694

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-07T13:57:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "url": "https://security.samsungmobile.com/securityUpdate.smsb"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:28:55.956Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18694", "datePublished": "2020-04-07T13:57:06", "dateReserved": "2020-04-07T00:00:00", "dateUpdated": "2024-08-05T21:28:55.956Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_5250:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2CBA0AA-B7A4-4276-9ED3-34CA2D68E56A", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_5260:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C086DB-7235-4B14-8DD2-2893340EEE86", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_5410:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB50EA38-FF8E-4708-BAE8-AF6A22497AC4", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_5420:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4235F7F-AA2D-428B-9B79-398CCD6C474A", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_5422:-:*:*:*:*:*:*:*", "matchCriteriaId": "C99855F5-EE1B-4BA1-8708-5679A8A2DF67", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_5430:-:*:*:*:*:*:*:*", "matchCriteriaId": "90941F8E-5F3E-43EB-9CB5-FB235CFA7877", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "36182055-4545-405C-8B39-CF5B87C014C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en dispositivos m\u00f3viles Samsung con versiones de software hasta el 25-10-2016 (chipsets Exynos5). Los atacantes pueden leer las direcciones del kernel en el registro porque es usado un especificador de formato incorrecto. El ID de Samsung es SVE-2016-7551 (Enero de 2017)."}], "id": "CVE-2017-18694", "lastModified": "2020-04-09T13:16:45.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-07T14:15:13.793", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}